Saturday, November 11, 2023

Why NOT to use password managers?



Hey, it's been years since I posted anything, but there were reasons, OK? So hopefully I will be able to post more often. Now, the title might be a bit bold, but the point is to demonstrate why password managers are not as good as they claim and why some trivial solutions, like browsers, are actually not as bad as portrayed. So for this article, I propose to debunk and analyze common misconceptions regarding password managers, spread by marketing and sales to scare you and make some profit.

 

"browser password managers are limited to that specific browser"

 

OK, we can just say that it's not true and go on. Not only can password storage be converted from one browser to another and browser data be synchronized across multiple devices, but different browsers can also access your single keyring/keychain. But what about sharing the password?


"you can't securely share your passwords with someone else"

 

Despite the fact that there is no integrated solution for such a purpose in browsers, I wouldn't say that the stand-alone managers are actually better: you have to use the same password manager, have an account and probably pay for it. However, you can always use existing solutions, like free E2E messaging (which you are supposed to use for secure communication anyway), web-based crypto bin/pastes or even (self-made) anonymous token sharing. Granted your password is secure...

"there is no security check for password strength"

 

Not a valid point, browsers are capable of generating "random" passwords, which can be further tuned with an extension. An entropy check is, however, always advised. Nonetheless, sites nowadays will often enforce their own password policy and some services can even provide static passwords that can't be changed, although you're supposed to have different passwords for different cases and change them from time to time (especially if the platform got a leak). Anyway, about the passwords...


"you can only store passwords"

 

It is true that browser password managers' storage capabilities are somewhat limited, but this is very true for stand-alone password managers as well, hence the existence of disk encryption and cryptographic containers, which brings us to...

 

"browser passwords aren't stored encrypted"


Well, not if you're using a primary/master password and cloud solutions are also possible for browsers. Now, I would like to address a case when you're not storing your passwords encrypted and the first thing that I want to say is that until your hard disk is encrypted, it is actually not that crucial. With disk encryption it's pretty self-explanatory, if your disk/partition isn't encrypted, anyone with physical access to your PC can have your data, which is of course not good. If you use disk encryption (and it's well used), the only way to access your data is to compromise your software and if someone is able to access your PC that way, few things could stop the attacker from getting your password to decrypt something that is locked - if you can't trust your system, you can't trust your data. Now, I would always recommend encrypting, rather than not, and using multiple security layers, also speaking about security...

 

 "your browser isn't a security product and may be compromised"

 

This is, unfortunately, very true, but this is the most used product to access the internet regardless and other password managers aren't perfect either. In fact, nothing is perfect, some browsers are better than the others, some hardening is possible, some password managers have browser extensions (perhaps they aren't sure about their own security either) and even if our software was perfect, there is still the kernel, the hardware and the user ... At this point you could even say that it's more secure to write your password on a post-it, so it can't be hacked on your pc and in fact, hardware password managers, crypto wallets and authentication tokens do exist, not even speaking about biometric and multi-factor strong authentication. By the way, I made a research thesis on this subject some time ago. Furthermore, I also made a password generator (deterministic password manager), which might be somewhat useful in some cases for someone.

 

 Now what?

 

Now, all that we are left with are questions: why should we use password managers in the end? Why use passwords altogether? What is authentication? What is identity? Can it all be secure enough? With all my regret, I must say that I don't have definite answers and in fact, answering this is not the point of the article. What I wanted to show is that browser password storage is actually a pretty viable solution and that the password managers have some limitations to consider. I'm not saying that anyone mustn't use password managers, this is a security solution after all, but I'm saying that there are alternatives and every solution has to be considered case by case, depending on what you need. Thus, you shouldn't be easily persuaded by what your vendor says, or any "security expert". This article isn't a holy Bible either, I only express my opinion by providing some information to back it up, nothing more, nothing less, it's always up to you to decide what you will use and this is the only thing that I want my reader to keep in mind. That said, stay safe, stay secure.

 


Monday, January 27, 2020

Gone in 6 seconds - How Anti-Theft Shop System Works



Yep, it's been a while since I wrote in my blog, mostly for business and personal reasons, but from this year, I'll try to publish more and it starts right now.

Have you ever been in a situation where you bought something and they forgot to take off the protection? Me, I don't go shopping often, but sometimes it happens and for me it's an opportunity to play with it.

Basically, there are 2 protection levels: mechanical and electrical. We will start with the first one.

Mechanics

Nothing fancy here, really. After disassembly of the shell using cutters and pliers, there are 5 main parts:
  • the needle, which is embedded into plastic cover
  • the big cap, containing the small cap
  • the small cap with some holes for the balls, where the needle goes
  • 3 small metal balls that hold the needle in the small cap and are held in the holes of the small cap
  • the spring, pushing the small cap



 
The principle isn't that complex, basically after the 3 balls are put into the small cap they don't hold the needle, but after the small cap is put into the big one, since its form isn't straight but rather triangular, when the needle is pulled down, it pulls the small cap down alongside and since there is less and less volume for the balls, they retract and block the needle between them. Thus, the stronger you try to pull the needle, the harder it will be. Moreover, since the small cap is blocked by the big one, which itself is pulled down by the spring and protected by the plastic, there are not too many options to pull it up. The way it's done in the shopping center is simply by using a magnet to create a field strong enough to move the small cap first without touching it, which makes the big cap free and thereafter the needle.
Simple and effective.




The spring will complicate the process a little bit, hence a really strong magnetic field is required (+10kg), plus it has to be in a certain direction.
Nonetheless, in order for such a system to work, all metal parts should be ferromagnetic, so they can be pulled by the magnet.
Lastly, those balls are made from steel (#thatsWhatSheSaid, an alloy of iron with another metal or/and carbon), as well as the caps and needle, but they are covered in nickel which gives a coefficient of friction from 0.7 to 1.1 and so even if lubricated, it still will remain about 0.3, so WD-40 won't do much.
Of course, you can always use liquid nitrogen to freeze the needle and just break it, but such an attack is a bit far from being practical.

Electronics

Now it gets interesting: given the fact that a thief can just take the goods and break the protection later, the theft has to be detected in the first place. This is done using RFID. In principle, it's not too different from a basic tag operation: since those are passive systems, you need to send a pretty strong signal so that it is deformed and/or reflected by the tag, and catch it on the other side. If the signal is different (induction by the tag) or reflected (response), then it's detected and the alarm goes off.

I will not go deeply in electromagnetic theory of solenoids in this article, but I'll try to explain it simply and give some references for further understanding.

So, this is what the inductor coil looks like after disassembly:


You also may have noticed that there is a small capacitor, that's useful in order to determine the frequency of the induction, but first, let's make some measurements:




The diameter of the coil (D) is something about 3.5cm, the wire thickness (d) is close to 0.3mm (0.33mm with insulation), the distance between two wires (pitch) is ~0.5mm, it's copper, the number of turns (N) is 7 and the winding length (l, depth) is 0.4cm. With this information we can calculate the inductance (L) using this approximation formula :


Which will be equal to about 3.3uH (I adjusted the value a little bit according to the real formula which is actually much more complicated). This also corresponds to ~80cm of wire and the reactance of such a coil will be ~180 Ohm.

Connecting the capacitor (C) of 100pF (approximate value after measurements) to the coil will force the current to oscillate with a specific frequency (LC circuit), which can be calculated as follows:



Something around 8.7MHz, which is kind of close to the NFC spectrum (13.5MHz) and as my tests show, the coil reacts pretty well at such a frequency:



I mean, you can even power a LED with it:

 
The basic theory behind this is that an inductor will resist the changes in current and the capacitor will charge and discharge the current. When the two are combined, the current will oscillate by discharging the capacitor and charging it again with the force of induction. Given that the resistance is zero, this cycle will be repeated infinitely.
Two inductors (coils) close together will exchange the fields and transform them back to the electric field, hence the purpose of transformers and the reason why the LED is glowing.
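
As a cross-check of the figures quoted above (an added worked example, not part of the original post; it uses the standard resonance formula of an ideal LC circuit with the values measured above, L = 3.3uH, C = 100pF, N = 7 and D = 3.5cm):

$$f_0 = \frac{1}{2\pi\sqrt{LC}} = \frac{1}{2\pi\sqrt{(3.3\times10^{-6}\,\mathrm{H})(100\times10^{-12}\,\mathrm{F})}} \approx 8.76\ \mathrm{MHz}$$

$$X_L = 2\pi f_0 L = \sqrt{\frac{L}{C}} \approx 182\ \Omega, \qquad \ell_{\mathrm{wire}} \approx N\pi D = 7\cdot\pi\cdot 3.5\ \mathrm{cm} \approx 77\ \mathrm{cm}$$

These agree with the ~8.7MHz, ~180 Ohm and ~80cm given above.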


The induction itself is just a creation of electromagnetic field of a certain force and direction, which is just an exchange of photons between particles and... but I think I probably already have given too many physical details. If you want to check my results and maybe learn something, you can use a pretty good free tool - Coil64 and watch some of Eugene's videos, as well as simulate such a circuit.

Note that solenoids also show that the famous Kirchhoff-Ohm's law isn't an actual law, but just a particular case of Faraday's law, which determines the electromagnetic flux defined by Maxwell's equations. Thus, if we measure the voltage in two points of a solenoid in different directions, we will get different values. Pretty interesting paradox, you can make this test yourself or just read the paper on this topic (or just watch a video).

But yeah, let's get a bit practical, shall we? For instance, let's simulate a shop anti-theft protection ourselves by putting an NFC antenna and another coil close together. Next, we will connect an oscilloscope to see the voltage drop when the protection passes by, since it will absorb a huge part of the EMF, because it was tuned to such a frequency. This is how the alarm works:


Bypass

So, as you might know, it was Christmas a month ago (depends where you live and when you read of course) and I bought some foie gras, but they forgot to remove the protection and the security was too busy to notice the alarm. We are going to try to bypass the protection with not too much effort:


Well, it works pretty well in this case. Note that you would need a really strong neodymium magnet for some shells and those are not cheap, since their magnetic field remains strong for a long time and they act only at a close distance.

Another way is to simply put it in a Faraday cage, so the emissions will be absorbed by it and not transmitted to the tag, but it could also cause a false positive alarm since the electric potential will still vary.

The reason I publish this is simply to show that current protections aren't perfect and that they can be bypassed pretty easily with the right tools. Don't forget that there are also cameras and security in the shops, so EMF will not be the only problem to deal with.

Anyway, I should say that it's not good to steal, since it causes unbalance in property/work value and the state will be very grateful for the VAT, as well as companies for the profit (although vendors were considered the lowest social class in Japan, since they don't produce anything by themselves) and this profit still will have some taxes and some of this money could be stolen by the employees and/or by politicians so... in a case of a theft, it's actually difficult to say who lost in the end.

Finally, I hope that you learned something from this and happy that I began my writing again. Until next time and be safe.


Friday, July 13, 2018

GhostInTheChaos - Chaotic Crypto Stealth VPN for Anonymity and Untraceable Hacking Attacks with Linux and Android


13.07 - as you may have seen in the past, at this date, I publish some pretty decent projects, this one isn't an exception and probably will become a subject of a controversy, like it happened already.

Anyway, the following research (and code) is about the eternal confrontation between order and chaos, specifically between network censorship/filtering and freedom of access, as well as traceability, but also about security.

In order not to complexify an already pretty complex system, let's start from simple things and improve them step by step.

CAN I HAZ ACCEZ?

A simple situation, you're accessing the internet directly (with a router and/or switch) from your device (laptop, PC, tablet, smartphone, etc.) :


This is how the majority of you (unfortunately) access the internet. Well, there are certain advantages, like speed (since no traffic is intentionally modified), simplicity (plug&play) and price (can even be free in some cases). However, there are some obvious disadvantages, like a complete lack of security and privacy. Of course, you still can access some sites over HTTPS, which will provide security (authenticity, confidentiality and integrity), but your ISP, some other attackers or a corporate firewall can see what site you're visiting, for how long and how much data is going (aka metadata), not to mention that if your country/enterprise decides to block some sites and/or services, you can't access them anymore (using the described schema) :


You still can use another DNS server and even go over DNSCrypt, but your ISP can still block IPv4 as well as IPv6 addresses and a corporate firewall can force local DNS.

PROXYZ

Some of you might use a so-called proxy server, free or paid, which basically routes your web traffic over another server in such a way that your ISP doesn't handle the packets itself :


This is a pretty common way to bypass censorship and some filtering, although filtering might be problematic since a proxy can force local authentication and redirection, without even speaking about security, especially for "free" proxy servers, since you can't trust them and the traffic still can be unencrypted.

But some of you might have your own servers, in a country with not too many restrictions, which can be used as an encrypted and authenticated proxy server with the help of SSH Dynamic Port Forwarding :



Putting it on port 443 (HTTPS) will even bypass network filtering and censorship, however, it's only a proxy and not a complete VPN and it can and will be blocked by a majority of corporate WAFs or government DPI, since SSL (used by HTTPS) and SSH are different protocols.

VPNZ

Speaking about VPN, some of you might also have it :



Which allows all network traffic to be redirected transparently through such a server, but there is still the problem of protocol difference: although OpenVPN is based on SSL/TLS and supports certificates, the traffic order and packets are still different (depending on configuration), and thus can be blocked :



So, a solution is to use another software to simulate HTTPS and encapsulate the VPN traffic inside, one of them is stunnel:



With a proper domain name and certificate, this should work, but you still have to take traceability into account if you're going to do some stuff that will spark an interest in your activity, since your VPN provider will store logs at least on IP level that will lead to you.

H4X0RZ

What hackers commonly do is that they have a "bulletproof" VPN, a server that they buy anonymously (usable cards, crypto, etc.) or just hack and use anonymously (Tor, neighbour WiFi, etc.) :


This is very nice, except that you still have to prevent correlation and not access Tor directly (which will require another technique), plus you will lose some speed. An actual VPN isn't required though, you still can have a simple shell, but you are supposed to have a server in order to hack properly (like reverse shell) and store loot.

FORGET EVERYTHING YOU JUST READ

Nothing new so far, right? Well, now we will begin the fun part, in short I will do all of the above in a better way without OpenVPN, stunnel and Tor. Moreover, I will secure servers from a network perspective, so let's start with this.

First of all, the whole technical configuration can be automated and found on my GitHub.

Now, we will need iptables on our server to... block all the traffic. Yes, we will block everything which enters the servers (leaving the stateful connections and output/transfer) and yes, this will completely lock it down and make it completely invisible on the network. No, I'm not joking. This will ultimately protect from scanning and exploiting the server, "you can't fight what you can't see", the stealth element. I know that you're still wondering how we will then access the server, except through the debug TTY, which we may not have in the first place? Well, the answer is knockd, a Port Knocking utility, which will allow a specific IP to connect after a special sequence of ports has been sent to the server. This is kind of "security by obscurity", I do agree, but since we will secure everything else, this is an optimal solution InMyHakishOpinion, since you don't waste your resources on fail2ban or other stuff like that. I prefer to use only ports 80 and 443, which is the minimum network filtering nowadays, and then redirect port 443 to our service.

One of them will be SSH, which should still be on its default port 22, but I would advise using only ed25519 asymmetric cryptography for key exchange, public key authentication, and ChaCha20/AES256-GCM symmetric ciphers with Poly1305/SHA256 hashes, as those are de facto standards at the moment.

You might think that we will redirect 443 to 22 and you will be right, except that we need our SSL/TLS tunnel, which we will create using... socat (crypto element), with a custom certificate of course and if you want, you can even generate one using LetsEncrypt.

At this point, we can freely use our SSH which will bypass WAFs and even switch DPF for proxy effect, but it would be cooler if it was a VPN, right? Well, we will create a VPN using... SSH. No, I'm not joking once again, you can create a virtual remote tunnel (what a VPN is basically all about) using SSH. So with SSH you can have both a shell and all your traffic routed through it, cool (with some ipv4_forwarding and NAT post-routing). Right now, our setup looks like this and is fully functional :



But we are still missing the "anonymity" part and here's where the "chaos element" comes into play. Well, by chaos I mean I2P, which we will use to make the connection to a second "bulletproof" server almost untraceable from our first server by simply creating an indirect tunnel (kind of hidden service) between them :



And yes, the CHAOS server will also have iptables for blocking, but without knockd since we will only allow input for UDP and maybe IPv6 for tunnelling. Such a solution will always participate in I2P internal networking, thus making correlation very difficult (which is supposed to be the case for VPN as well). We will still need SSH for the very same purpose in proxy mode (shell/VNC/VPN), so basically we are replacing socat with I2P and doing an SSH bounce. The main difference is that I2P is made for internal networking, it's like a mini internet with its own crypto and protocols, which IMHO can be more secure, more reliable and faster than Tor.

Great, the last thing we need to do is to configure all this for our device so that we can use it and, with some shell scripts and key/certificate sharing, everything is done. You can even use it on Android and pretty much any Linux/Unix with some customization, simple and efficient as that (not considering my days of research, problem solving and budget, heh).

As an alternative to dropping all the traffic and redirecting using knockd, you can set up your HTTPS web server at the default port 443 and redirect the traffic to SSL:SSH on another port with knockd and socat. Like this, your connection will seem to be legit HTTPS packets with a real HTML site, which will be visible to everyone, whereas it's an encapsulated and prerouted SSH for you.



ALL YOUR DATA ARE BELONG TO US

Wow, amaze haxor, such APT, so hackerish, many pwn, very leet... but can it be defeated? Well, as it is, it can.

First of all, VPN server has to participate in I2P routing in order to make correlation more difficult. Second, you have to store public keys in order to prevent MITM attacks. Third, you shouldn't rely only on knockd and keep your software up-to-date as well as apply "defence in-depth" (like SELinux/grsec/PAX/AppArmor/cgroups). Fourth, even if there is no difference on the protocol level, there will be some regarding packets/bytes/time, so let's do some analysis :


This chart is a simple HTTPS connection to a search engine, for X we have time in seconds and for Y we have the number of packets (red chart) or bytes (black chart). As another example, let's analyze ProtonMail connection :



On the left the ratio of bytes and on the right the ratio of packets, pretty similar characteristics. Now SSH :


As we can see, the SSH connection differs from SSL, both for packets and bytes. Now OpenVPN :


Much more different. How about comparing SSH through socat?


Well, as you can see, you can change the protocol, but you can't change the data (red - pure SSH, black - over socat). Same goes for VPN :

Note that even if SSH ciphers are better maintained, the protocol is more robust and performance is higher, the major bottleneck is still TCP over TCP, since SSH doesn't support UDP at the moment, which is a bit different topic of discussion, but still a feasible solution.
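
The observation above, seen from the monitoring side, as an added example that is not from the original post or its repository. The per-second byte series are constructed stand-ins for the charts, and the TLS framing model (29 bytes per 1400-byte chunk, handshake ignored) is an assumption; the point is that encapsulation leaves the volume profile intact, so shape features still place the flow next to SSH rather than HTTPS.

```python
from math import ceil, sqrt
from statistics import mean

# Constructed per-second byte counts (12 s each), standing in for the charts above.
HTTPS_BROWSING = [5200, 48000, 31000, 900, 0, 0, 0, 12000, 26000, 700, 0, 0]
SSH_INTERACTIVE = [1800, 320, 410, 290, 0, 350, 2900, 3100, 380, 0, 300, 420]


def wrap_in_tls(series, record_overhead=29, chunk=1400):
    """Model TLS encapsulation of an existing flow (assumed numbers).

    Every chunk of payload gains a fixed framing overhead; the one-off
    handshake is ignored. Silent seconds stay silent, bursts stay bursts.
    """
    return [b + record_overhead * ceil(b / chunk) for b in series]


def pearson(xs, ys):
    """Pearson correlation of two time-aligned series of equal length."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:
        return 0.0  # a flat series has no shape to compare
    return cov / sqrt(var_x * var_y)


def shape_features(series):
    """Alignment-independent description of a flow's volume profile."""
    active = [b for b in series if b > 0]
    if not active:
        return {"active_fraction": 0.0, "peak_to_mean": 0.0, "mean_active_bytes": 0.0}
    return {
        "active_fraction": len(active) / len(series),
        "peak_to_mean": max(series) / mean(series),
        "mean_active_bytes": mean(active),
    }


def feature_distance(a, b):
    """Sum of relative differences per feature (0 means identical profiles)."""
    total = 0.0
    for key in a:
        hi = max(a[key], b[key])
        if hi:
            total += abs(a[key] - b[key]) / hi
    return total


def classify(series, profiles):
    """Return the label of the closest reference profile and all distances."""
    feats = shape_features(series)
    scored = {name: feature_distance(feats, shape_features(ref))
              for name, ref in profiles.items()}
    return min(scored, key=scored.get), scored


PROFILES = {"https": HTTPS_BROWSING, "ssh": SSH_INTERACTIVE}
TUNNELLED = wrap_in_tls(SSH_INTERACTIVE)  # what a monitor would see on port 443

if __name__ == "__main__":
    print("bare vs wrapped SSH:", round(pearson(SSH_INTERACTIVE, TUNNELLED), 4))
    print("bare SSH vs HTTPS:  ", round(pearson(SSH_INTERACTIVE, HTTPS_BROWSING), 4))
    label, scored = classify(TUNNELLED, PROFILES)
    print("closest profile:", label, {k: round(v, 3) for k, v in scored.items()})
```
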


PHILOSOPHY OF ENTROPY

My point isn't that order won't ever win versus chaos, or that chaos stands no chance against order, but the simple fact that neither of them can win or lose. Even if we suppose that chaos (entropy) is the ultimate destiny of the universe, it will make no sense without order and the fact that the destiny is already determined signifies the presence of order. To put it in a nutshell, nothing is black or white in this world, nothing is determined or uncertain, there is only hope and illusion about either security or freedom. You can believe me or not, believe that you can believe or not, nothing will matter in the end, but only the fact that you're conscious of your choice at this moment. Entropy is a stable state, so the chaos is order and order is chaos, humans invented it, not the universe. Same goes for good/evil, death/life, 0/1 and quantum physics.

Well, I think that I'm kind of leaving my initial topic with such meta-physical-philosophical discussions, without even speaking of all the technical complexity I just explained pretty briefly, so I'll leave you with my "chaos theory" for now.
Remember, the choice doesn't matter, but the fact of choosing does.
Now, think about it all and put my work into the good use :)

Thanks.


Wednesday, January 17, 2018

Bitcoin Conspiracy - Who and Why? or when technology meets politics and economy



Yeah I know what you're thinking - "please, not another goddamn conspiracy theory", right? Well, I'll do my best to make this article as different and as logical as possible, although, it might be a little more political/economical than technical, but still informative.

OK, now almost everyone knows that at the end of 2017, one BTC cost almost 20,000 $ and that it was a very good investment years ago, but how did it all start and for what purpose?

Before I really begin, I would like to note that all bitcoin transactions are publicly visible by everyone, thus bitcoin isn't an anonymous currency by nature, like Dash/Zcash for instance, as far as you don't publish your public key with your identity (like for donations).

The legend is that it was created by a Japanese person as a decentralized cryptocurrency based on blockchain technology. I do believe that it could be done by a single man (as I reinvented blockchain in my time), but I don't really see the reason for staying anonymous, though some "big" projects creators preferred to hide (like Linux PaX), in this case it won't change anything since the "Pandora's box" is already open and there is pretty much nothing the creator can do if something goes wrong (the community still has to accept some kind of "soft-fork", like it was with Ethereum, or an altcoin with a larger block size (think Litecoin)).
For me this means only one thing - nobody is supposed to know who made it and thus, the reason behind it.

So, who actually created it? You may hear different versions : cypherpunks, NSA, CIA, illuminati, lizards, aliens, you name it ...
I will go with a more-or-less realistic assumption, but in order to understand my statement, I have to mention a little bit of history.

What is currency nowadays? Just a paper that people believe is somehow valuable and represents a financial debt, like dollars. But before, they were backed by real gold (taken from citizens), you could go to a bank and say - "Here's a thousand bucks, now give me some real coins", the same was in the Soviet Union, you could exchange rubles for a shiny metal, a paper was an equivalent for gold. But after a dozen years a man called Charles de Gaulle tried to do it for all the dollars in France, such an exploit made the USA lose much gold and then they (more precisely, the Federal Reserve System, which doesn't belong to the state) understood that it wasn't a very smart idea after all. So, they just started printing papers, hoping that people will still believe that they are valuable, and later with IT, they are just simply making zeroes and ones, without any "material base" whatsoever. Backing dollars with gold as intrinsic value was an attempt by the USA, which became the richest country with the largest gold reserve just after WWII, to universalize it and force everyone to use it.



A currency is itself a debt, but do you know how much the USA owes? Very, very much, more than there are resources in the whole world, which will eventually lead to its inevitable economic collapse and America won't ever be "great again", while printing all these bucks. So, as time passes, the country has to get rid of all this debt, a war isn't a bad solution as debt burning (I should mention Ukraine ... maybe later), but after the financial crisis, a solution should be found quickly. Yet, what if we made a new currency related to the dollar as its alternative and forced everyone to use it instead while keeping a big part of it? Eureka! Total control. Surely, we will have to give the blockchain technology as well, but that's an acceptable price.

OK, enough politics for now, let's go technical, let's speak about hacking, although malware creation isn't really hacking, but still related to the topic.
Some malware researchers/analysts have found some links between some ransomware attacks and government hackers (specifically Equation Group (NSA-TAO)), I may even speculate that some of their tools were leaked on purpose as a justification/endorsement for such attacks (like, maybe, 9/11?), or that a state should actually arrest someone who stopped such attack, or that stocks are hacked not just by criminals and finally, that "anonymous black-markets" are actually law enforcement honey-pots. Not even mentioning a strange recursive hash theft/backdoor discovered recently. Also, Crypto Dip in the middle of January 2018 by "banning" cryptocurrencies, has cut their prices almost ten times for some cases, but in some "particular" cases, the price raised a lot and, where truly Silk-Road seized bitcoins went? So many questions, yet such uncertainty.

An alternative version is that it's just another pyramid that spiked up after a financial crisis, like it was in the USSR in the case of MMM, but in this case, it's going to be worldwide and there is no one to put in jail for it. You might ask, however, how could such a scheme even work? Well, it's pretty well illustrated in a book called Dunno on the Moon with "The Society of Giant Plants" as an example, but to put it in a nutshell, let's say that a company which costs 100 thousand dollars sells its 100 shares, that would mean that each share costs one thousand dollars, and the price varies according to multiple criteria, such as being successful or not. The thing is that if people buy the shares, they will become less and less available and since people want more and more, the shares will rise in price, because demand creates offer. On the other hand, if suddenly the price goes down for whatever reason and if everyone decides to sell back the shares, while nobody wants to buy them, the shares will cost almost nothing and drop in price even lower. And it works because of such a psychological phenomenon as greed, which is the base for almost any pyramid (and probably the only intrinsic value of cryptocurrencies), especially if it's hyped by media (like YouTube).
After all, currency is indeed currency when you can buy something with it or exchange it for green American presidents of Colon... I mean Columbus country. Finally, even if it's a non-state-sponsored pyramid, the state itself doesn't seem to be worrying about a potential dollar competitor too much, it only tries to profit from it.



That was probably pretty simplified, yet pretty clear, but how is the bitcoin price determined, since it's not material-based, and when did the first stock exchange begin to accept it? If I'm not wrong, its wide recognition and acceptance began in 2013, the same year when the gold price went tremendously down for the first time in history, coincidence?

Now, let's take another powerful state - Russia. They want to make their own cryptocurrency, some kind of cryptoruble. For me the reason is pretty obvious - total control. If the blockchain technology is state-centralized and the only one authorized, which is what Russia wants, the state will control all the economic flow in the country, every payment of everyone.
The justification for such a maneuver is not only the "fight terrorism" cliché, but also the fight against corruption, for example, so the intent may seem to be good. However, one should realize that he/she/it would have practically no market privacy, since everything that goes from and to his/her/its account is state-monitored. Money is power, and Russia will take it from its citizens sooner or later, just like the Soviet Union took private property. Suppression of private property is an attribute of Socialism ("from each one an ability, to each one a work"), which is a transitional step from Capitalism to Communism; history repeats itself ... by spiral (according to Marx at least).
Will it be good or bad? I'm not predicting anything, but I just worry about the direction Russia's heading in (and hope that it will not follow the example of Estonia's digitalization mistakes). Considering the CIS summit of December 2017, that was probably a subtle proposition to create a common economic space, thus one could predict a Union of Crypto Socialist Republics - UCSR :) and... another cold war phase, subtly declared by the Atlantic Council report.

Do I have bitcoins at the moment? No, and I discourage everyone from buying and using them, not only for political but also for philosophical reasons.
A currency is not merchandise that can be traded on the stock market: you're supposed to buy things with money, not to buy money with other money. It contradicts the intent of a currency and creates problems, and bitcoin isn't an exception, so please stop being greedy and financing economic slavery along with the capitalistic pyramid.

"But hey! It's just a theory! A conspiracy theory! Thanks for reading!"

P.S. Soon I might make a proposition of a new economic model based on cryptography and sociology.


Wednesday, December 13, 2017

SkyrimCrypt - Deniable Encryption and Steganography in Computer Games


Even though TES V Skyrim was released more than 6 years ago, people still play it, people still like it, and I found a very interesting and nontrivial way to use it as a decoy to hide information, basically transforming it into a steganographic crypto-container (like TrueCrypt).

You might know from the news about espionage in MMORPGs; however, this is becoming more than real elsewhere ... I thought that only the USA "seeks terrorists" in order to do what they want, but it's not a political article.
Perhaps you could use online games in order to have a private chat. It's not a bad idea from the perspective of a decoy, but from a security point of view there is no encryption and there are plenty of logs, so if you come under suspicion, it's not going to be private anymore. Nonetheless, how to use offline games as secure storage? This is what my article is about.

You might wonder - there are already solutions, why bother with another one? Well, the reason is that I don't agree with the existing ones. Crypto-containers like TrueCrypt/VeraCrypt/LUKS can be identified, and even if you remove the header (thus adding deniability), you might think that nobody would suspect that it's encrypted data, unless you know some of the mathematics behind cryptology. You see, encrypted data is "random" by nature, a more precise term would be - entropic, and entropy can be calculated, meaning that if you have a huge entropic file (containing "random" data), that would raise a suspicion that may be followed by brute-force that may be followed by cryptanalysis that may be followed by torture. Probably I'm exaggerating for today, but perhaps tomorrow it will be the case.

Anyway, the article is supposed to be about games and not about paranoia, so let's do some tests with Skyrim. I have it installed on my Linux with Wine; it works not so great, but it works. But do you know what's special about Skyrim? Mods. Plenty of mods exist for it, and if you play Skyrim you probably have dozens of them, but not everybody develops mods; those who do know their structure, fragmentation and extensions, specifically BSA. Now, let's look at them in Skyrim's Data folder:

 
Those are classical Skyrim "mods", which may be included right after the purchase (for some editions). A BSA is basically a compressed archive, thus "random" by nature, although it has a deterministic header; it can be very large too.
Now, let's look at one of them:


I specifically chose the one with textures because, mathematics. So, let me explain all this. As the ent tool shows, 7.97 out of 8 bits in the file look random, which is 99.7% of them, plus it indicates that the file was indeed well compressed; the chi-squared distribution isn't good though. It also showed some more interesting statistics, but they are less important and I'll have to explain what I already said. To begin, here's the file's byte distribution:


As you can see, it's not as random as the entropy may suggest, but how is that calculated after all? Well, when dealing with IT we often refer to Shannon's entropy, which indicates how "random" the bytes of a file are:

 

Basically, you take the negative sum, over each byte value, of its probability of occurrence multiplied by the base-two logarithm (the necessary power) of that probability.
An encrypted file is 8/8 entropic (which is sometimes more than a randomly generated file), just like a ZIP archive, and its chi-squared distribution is about 290 to be 95% sure. Now, about that:


Basically, it's the ratio of the squared difference between the estimated distribution and the observed one to the estimated distribution.
That is very interesting because it shows us whether there is a big difference between what we observe and what we estimate, and thus whether our hypothesis is true with a certain probability. And here is where I don't really agree with the ent tool, because it doesn't really show the probability of being certain (50% in the best case according to them), but let's just say that the lower this number is, the more you can be sure that the data are "really random", and as you can see from the screenshot, 67 million is way bigger than a few hundred, thus we will reject the random nature of such a distribution.
I know that you may still have some questions about all this, so feel free to do some web searches in order to fully understand such useful math.
All that is to say that even if our file is entropic, it may not be randomly distributed.

Besides, as you may notice, the content of the header isn't that random, but the random data begins after a couple thousand bytes:


So, we can copy the first non-random bytes and then append our crypto-container to them, claiming that it's just a mod for Skyrim whereas it's not, and to extract, we just specify the offset for dd (or directly) and decrypt:


Nevertheless, mathematics will show the truth behind such a decoy: as you can see, adding even thousands of nonrandom bytes to 500Mb wouldn't affect the entropy, nor the chi-square, thus raising suspicion about that file and uncovering it.
But, I'll assume that it would be enough in the near future to bypass border controls in some countries.
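The two statistics described above, and the point that a short structured header does not hide a uniformly random payload, can be checked with the following added example (not code from the original post or from the ent tool). Both samples are constructed and scaled down: a biased byte stream stands in for a compressed archive, PRNG output stands in for ciphertext, and the function names, header bytes and sizes are assumptions.

```python
import math
import random
from collections import Counter

CHI2_CRIT_95 = 293.25  # chi-square critical value, 255 degrees of freedom, 95%

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: the negative sum of p * log2(p) over observed byte values."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Sum over all 256 byte values of (observed - expected)^2 / expected,
    where the expected count is the one a uniform distribution would give."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def profile(data: bytes) -> tuple:
    """Return (entropy in bits per byte, chi-square statistic)."""
    return shannon_entropy(data), chi_square(data)

def make_samples(seed: int = 2017) -> dict:
    """Constructed stand-ins; no real BSA file or container is involved."""
    rng = random.Random(seed)
    # Archive-like: dense but biased, odd byte values are 30% more frequent.
    weights = [1.3 if b % 2 else 1.0 for b in range(256)]
    archive = bytes(rng.choices(range(256), weights=weights, k=1 << 20))
    # 1 KiB structured header (hypothetical bytes) followed by 4 MiB of
    # uniform bytes, the PRNG output standing in for an encrypted container.
    header = b"BSA\x00\x68\x00\x00\x00" * 128
    n = 4 << 20
    payload = rng.getrandbits(8 * n).to_bytes(n, "little")
    return {"archive_like": archive, "header_plus_random": header + payload}

if __name__ == "__main__":
    for name, blob in make_samples().items():
        h, chi2 = profile(blob)
        side = "below" if chi2 < CHI2_CRIT_95 else "above"
        print(f"{name:18s} entropy={h:.4f}  chi2={chi2:,.0f} ({side} {CHI2_CRIT_95})")
```

Both samples score close to 8 bits of entropy per byte, but only the biased one has a chi-square in the thousands; the header-plus-random file stays within a few hundred, which is the signature that sets it apart from a genuine compressed archive.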

Of course, it would be preferable to have a whole steganographic OS or disk, but don't worry, R&D is in progress :)

By the way, if you're afraid that somebody someday might decrypt your files, instead of encrypting them, just try to decrypt :) That way you will have to encrypt the files in order to get back their original form (with the last block lost, however):


You might ask me why I didn't publish a tool to make such BSA mods. I won't, and I discourage everyone from doing so, for the same reason this article was written - stealth. The existence of that tool may also make you suspicious, and if you have logs of using it, it's game over. The point is to leave no trace whatsoever. If you want more details about what I just wrote, you can check out one of my works.

Finally, even if you're not going to use my technique, I still hope that you learned something interesting and perhaps useful from my article.
That said, let's make Skyrim sneaking "great again" :)